Date:      Thu, 5 Jul 2001 20:11:13 +0100
From:      Richard Smith <rdls@rdls.net>
To:        Tony <tony@tntpro.com>
Cc:        Michael Lucas <mwlucas@blackhelicopters.org>, questions@freebsd.org
Subject:   Re: dummynet question
Message-ID:  <20010705201113.A1596@gaia.home.rdls.net>
In-Reply-To: <002501c10353$b8c79120$0a00a8c0@TONY>; from tony@tntpro.com on Mon, Jul 02, 2001 at 08:04:24PM -0400
References:  <20010701131531.A78357@blackhelicopters.org> <20010701200306.A282@gaia.home.rdls.net> <002501c10353$b8c79120$0a00a8c0@TONY>

On Mon, Jul 02, 2001 at 08:04:24PM -0400, Tony wrote:
> > On Sun, Jul 01, 2001 at 01:15:31PM -0400, Michael Lucas wrote:
> > > Hello,
> > >
> > > I have several Web sites, with different IP addresses, on one server.
> > > I would like to limit each individual site to 128k of outbound traffic.
> > >
> > > ipfw add 00100 pipe 1 ip from a.b.c.d to any
> > > ipfw add 00200 pipe 2 ip from a.b.c.e to any
> > > ....
> > >
> > > ipfw pipe 1 config bw 128Kbit/s
> > > ipfw pipe 2 config bw 128Kbit/s
> > > ...
> > >
> > > Could I simplify this into pointing each IPFW rule into "pipe 1",
> > > throttling each to 128K?  Or would they share the bandwidth, or would
> > > something else funky happen?
> >
> > No. They would all share the same 128K pipe. Your former approach
> > is the correct one. [I am assuming that the rules run on the web
> > server itself, otherwise they may need modification]
> >
> What type of modification would need to be made if I was running the rules
> on a firewall instead of the webserver itself? I have gone online and read
> all the reference material I can find and can't seem to find the solution.

Unless you have configured the kernel to the contrary, ipfw rules are invoked 
as a packet passes through each interface. So on a firewall each packet will
pass through your rules twice. To ensure that the pipe is used only once you
could add an interface-spec to the rule (in/out/via).

> My firewall has two interfaces 192.168.0.1 and 207.5.xxx.xx, my webserver is
> on 192.168.0.100. I would love some help, I tried the rules as Michael had
> them, but to no avail...

You probably need to run natd as well to hide your RFC1918 addresses behind
your firewall public IP address.

Richard.
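
An added example, not part of Richard's message or the thread: a shell function that prints the per-address pipe rules from Michael's question with the interface-spec suggested above, so each rule matches on only one pass through the firewall. The interface name `fxp1`, the second address, and the choice of `in` on the inside interface (where the web server's private source address is still visible) are assumptions.

```shell
#!/bin/sh
# Added example: emit one dummynet pipe per site address, with every rule
# pinned to a single pass (in or out) through one interface, so a packet
# forwarded by the firewall enters its pipe only once.

# gen_pipes DIRECTION IFACE BW ADDR...
#   DIRECTION  in | out   pass through IFACE on which the rule matches
#   IFACE      interface name (fxp1 below is an assumed name)
#   BW         bandwidth string handed to "pipe N config bw"
gen_pipes() {
    dir=$1; ifc=$2; bw=$3; shift 3
    case $dir in
        in|out) ;;
        *) echo "gen_pipes: direction must be in or out" >&2; return 1 ;;
    esac
    n=0
    for addr in "$@"; do
        # Refuse anything containing characters other than digits and dots,
        # so nothing unexpected ends up on a command line run as root.
        case $addr in
            ''|*[!0-9.]*)
                echo "gen_pipes: bad address '$addr'" >&2; return 1 ;;
        esac
        n=$((n + 1))
        # One pipe per address: sharing a pipe would share the 128K.
        printf 'ipfw pipe %d config bw %s\n' "$n" "$bw"
        printf 'ipfw add %05d pipe %d ip from %s to any %s via %s\n' \
            $((n * 100)) "$n" "$addr" "$dir" "$ifc"
    done
}

# Constructed sample: two web servers behind the firewall, shaped as their
# packets arrive on the inside interface.
gen_pipes in fxp1 128Kbit/s 192.168.0.100 192.168.0.101
```

The function only prints the commands; review the output before running it as root on the firewall.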